It is not so rare to find the stories in the news of identity thefts being perpetrated or large databases with personal information being hacked. While personal information are being stolen on a daily basis it often begs the question, what is this data used for?
First of all, there are several types of personal data “packages” that can be bought on darknet markets each having their own bitcoin price, but the most popular ones are the full data sets consisting of anything from name and address to social security number, called “fullz.” These fullz are usually obtained in large numbers by performing hacks on databases of companies that deal in finance, social security or insurance and it is not uncommon to see them put up for sale days after news of data breach is reported.
Fullz can go anywhere from few Satoshi to a full bitcoin or two, depending on what information they provide and who said information belongs to. One thing that is mostly looked for and which greatly increases the bitcoin value of fullz is if credit card information is usable or not. While there are some buyers who will deliberately go for “dead” credit card information, in most cases, fullz with proper, working credit card information will go for a much more bitcoin than dead ones. The credit card limit is also one of the deciding factors when creating a price in bitcoin for personal data. It was reported that some fullz went for as much as 2 Bitcoin, since the data obtained belonged to somebody who had a $10,000 spending limit on their card.
While carding, term for stealing credit card information, is quite advanced and wide spread on Russian part of the darknet where it can fetch a hefty sum of bitcoin, it seems that the English-speaking community is much less prone to it. There is also the inherent distrust towards carders that makes selling carded information not too spread on English marketplaces, due to which only a handful of marketplaces, like AlphaBay Marketplace actually sells them to begin with.